Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2012-2653
Last Modified: 04 Apr 2013 11:10:57
Published: 12 Jul 2012 04:55:15
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-2653

Summary

arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.

Vulnerable Systems

Application

  • Lawrence Berkeley National Laboratory Arpwatch 2.1a15


References

MLIST - [oss-security] 20120525 Re: CVE Request: powerdns does not clear supplementary groups

MLIST - [oss-security] 20120524 Re: CVE Request: powerdns does not clear supplementary groups

DEBIAN - DSA-2481

FEDORA - FEDORA-2012-8675

FEDORA - FEDORA-2012-8702

FEDORA - FEDORA-2012-8677

MANDRIVA - MDVSA-2012:113

Related Patches

Novell SUSE 2012:6570 arpwatch security update for SLES 11 SP1 i586

Novell SUSE 2012:6570 arpwatch security update for SLES 11 SP1 x86_64


Last Updated: 27 May 2016 10:53:46